Israel’s Pager Attacks Have Changed the World

Israel’s pager attacks did not change the world. They merely <i>alerted</i> the world to the possibility of everyday devices being compromised. What is true today was still true yesterday, it just wasn’t top of mind: we have to be very careful with what we allow our adversaries to sell to us.

Hezbollah bought a specialty item (pagers) and many countries&#x2F;companies are legally prohibited from doing business with Hezbollah. My sense is that these two facts were all but necessary for Israel to carry out this operation. So &quot;changed the world&quot; is hyperbole.

<a href="https:&#x2F;&#x2F;archive.is&#x2F;thGqx" rel="nofollow">https:&#x2F;&#x2F;archive.is&#x2F;thGqx</a>

It was a multi-year operation to get to the place where they <i>could</i> sell the targets the mined devices. Google hasn&#x27;t got that kind of time horizon.<p>Who is your enemy and why do they want to hurt you? Is anyone really concerned that mass market consumer devices have command detonated explosives in them already? I mean, other than the iphones?

What’s really needed is some way you can easily tell that a device has been tampered with, but which is also extremely difficult to bypass. And also where even if the OEM was in on the scheme, you could still tell. Like how a hash is used to tell if someone made changes to a piece of software. For consumer products this is a nonstarter because companies will almost never fully divulge info about all the parts of a device required for this.<p>For defence product where almost everything is fully specified by the customer, it might be possible. If you know all the components in a device, and you can prove they are all genuine, then you can prove the whole device is genuine.<p>Engraved hashes on every part comes to mind, but that would be ungainly to validate and fairly easy to bypass by simply copying codes from one device to another.

We keep hearing<p>&gt; requiring iPhones to be made entirely in the United States.<p>&gt; attacking an international supply chain to compromise equipment<p>But &quot;International&quot; has nothing to do with it. If Lebanon had been a powerhouse of pager manufacturing, a fake reseller could have been created just the same and the pagers re-manufactured just the same. Single iPhones or cases of routers can be delayed in local transit for a touch up (through a small bribe, appeal to patriotism, theft or whatever). And remote exploits are common enough. Seems we need much more effort put into verifiability and such, in hardware and software. Secure enclaves was an idea in the right direction: there is a lot of chip budget available and some can be put into purely security features. Patch and firmware checksums. Encrypted memory path same thing.<p>What&#x27;s on the way? Retail scanner imaging and reference photos posted by the manufacturers?

Fighting terrorism with terrorism, what could go wrong? Maybe we can go back to devices with removable batteries after this.

In my eyes, this incident raises the question about every Israeli software developer and hardware developer I work with.<p>Could they be a part of another operation, infiltrating products I work with and eventually harming the reputation of company? Possibly, yes.

Now it&#x27;ll probably become standard operational practice for every organization that fears such attack to separate part of its new acquisitions of everyday items and sell them in Israeli second-hand market first, before internal use, as a deterrent.

This is concerning - what if Israel wants to take out one bad guy on a plane or something and views the bystanders as &quot;collateral damage&quot;? They blew these up in multiple countries, there is no rule of law here. This op has US state department&#x2F;intelligence agencies written all over it (like the Nord stream pipeline). I suspect folks at the TSA, FAA, FTC, all over concerns over this behavior.

&quot;We can’t imagine Washington passing a law requiring iPhones to be made entirely in the United States. Labor costs are too high, and our country doesn’t have the domestic capacity to make these things. Our supply chains are deeply, inexorably international, and changing that would require bringing global economies back to the 1980s...&quot;<p>Yeah, and that&#x27;s what is happening. Globalization has waxed and waned several times over the last few centuries. It is a matter of government policy, not in any sense &quot;inexorable&quot;. It is currently waning, and will continue to do so for several decades, probably, for this reason and many others.

Has &quot;Israel&quot; been designated a terrorist state by a NATO country?<p>No? Then nothing has changed.